b"                                SOCIAL SECURITY\n                                                                                Inspector General\n\n\n                                       November 6, 2003\n\nThe Honorable Jo Anne B. Barnhart\nCommissioner\n\nDear Ms. Barnhart:\n\nIn November 2000, the President signed the Reports Consolidation Act of 2000\n(Public Law No. 106-531), which requires Inspectors General to provide a summary and\nassessment of the most serious management and performance challenges facing Federal\nagencies and the agencies\xe2\x80\x99 progress in addressing them. This document responds to the\nrequirement to include this statement in the Fiscal Year (FY) 2003 Social Security\nAdministration's Performance and Accountability Report.\n\nIn February 2003, we identified 10 significant management issues facing the Social Security\nAdministration for FY 2003. Since that time, we have recategorized some issue areas. Our\nassessment will focus on the following six challenges.\n\n   \xe2\x80\xa2   Social Security Number                \xe2\x80\xa2   Budget and Performance\n       Integrity and Protection                  Integration\n   \xe2\x80\xa2   Management of the Disability          \xe2\x80\xa2   Critical Infrastructure Protection\n       Process                                   and Systems Security\n   \xe2\x80\xa2   Improper Payments                     \xe2\x80\xa2   Service Delivery\n\nThe areas formerly entitled Homeland Security, Social Security Number Integrity and Misuse\nand Integrity of the Earnings Reporting Process have been combined under Social Security\nNumber Integrity and Protection. The Human Capital, E-Government, and Representative\nPayee issue areas are now combined under the Service Delivery issue area. The Fraud Risk\nissue area has been removed, and we have noted that each challenge contains elements of\nfraud risk.\n\nI congratulate you on the progress you have made during FY 2003 in addressing these\nchallenges. I look forward to working with you in continuing to improve the Agency\xe2\x80\x99s ability to\nmeet its mission in an efficient and effective manner. Our assessment of the status of these six\nmanagement challenges is enclosed.\n\n                                                    Sincerely,\n\n                                                    James G. Huse, Jr\n\n\n                                                    James G. Huse, Jr.\n\nEnclosure\n\n            SOCIAL SECURITY ADMINISTRATION             BALTIMORE MD 21235-0001\n\x0c Inspector General Statement\n             on the\nSocial Security Administration\xe2\x80\x99s\nMajor Management Challenges\n\n           A-02-04-14034\n\n\n\n\n         NOVEMBER 2003\n\x0c                                    Mission\nWe improve SSA programs and operations and protect them against fraud, waste,\nand abuse by conducting independent and objective audits, evaluations, and\ninvestigations. We provide timely, useful, and reliable information and advice to\nAdministration officials, the Congress, and the public.\n\n                                   Authority\nThe Inspector General Act created independent audit and investigative units,\ncalled the Office of Inspector General (OIG). The mission of the OIG, as spelled\nout in the Act, is to:\n\n  \xc2\x81 Conduct and supervise independent and objective audits and\n    investigations relating to agency programs and operations.\n  \xc2\x81 Promote economy, effectiveness, and efficiency within the agency.\n  \xc2\x81 Prevent and detect fraud, waste, and abuse in agency programs and\n    operations.\n  \xc2\x81 Review and make recommendations regarding existing and proposed\n    legislation and regulations relating to agency programs and operations.\n  \xc2\x81 Keep the agency head and the Congress fully and currently informed of\n    problems in agency programs and operations.\n\n  To ensure objectivity, the IG Act empowers the IG with:\n\n  \xc2\x81 Independence to determine what reviews to perform.\n  \xc2\x81 Access to all information necessary for the reviews.\n  \xc2\x81 Authority to publish findings and recommendations based on the reviews.\n\n                                     Vision\nBy conducting independent and objective audits, investigations, and evaluations,\nwe are agents of positive change striving for continuous improvement in the\nSocial Security Administration's programs, operations, and management and in\nour own office.\n\x0c           Social Security Number Integrity and Protection\nIn Fiscal Year (FY) 2003, the Social Security Administration (SSA) issued over 17 million\noriginal and replacement Social Security number (SSN) cards. In FY 2003 SSA received\nover $533 billion in employment taxes. Protecting the SSN and properly posting the wages\nare critical to ensuring eligible individuals receive the full retirement, survivors and/or\ndisability benefits due them.\n\nThe SSN is the single most widely used identifier for Federal and State governments and\nthe private sector. It has become the de facto national identifier. Given its importance, the\npossession of an SSN may allow criminals to steal identities and commit other criminal acts.\nIn fact, the lack of protection of the SSN has often led to identity theft and SSN misuse.\nBeing the immediate victim of SSN misuse and/or identity theft may cause an individual\nyears of difficulty and cost financial and commercial institutions a great deal of money. SSN\nmisuse may disguise a dangerous felon or a terrorist as a law-abiding citizen. The\npossession of an SSN provides a criminal the identification and seeming legitimacy he or\nshe needs to go about nefarious business, perhaps putting dozens, hundreds, or even\nthousands of lives in jeopardy.\n\nThe risks associated with SSN misuse and identity theft have led the Office of the Inspector\nGeneral (OIG) to develop plans for a SSN Integrity Protection Team (Team). The Team,\nwhich will be created pending funding, combines the skills of auditors, investigators,\ncomputer specialists, analysts and attorneys. In addition to supporting homeland security\ninitiatives, the Team will focus its efforts on identifying patterns of SSN misuse; locating\nsystemic weaknesses that contribute to SSN misuse; recommending legislative or other\ncorrective actions to ensure the SSN\xe2\x80\x99s integrity; and pursuing criminal and civil enforcement\nprovisions for individuals misusing SSNs.\n\nWe believe that SSA can take some steps to better protect the integrity of the SSN.\nOutstanding audit recommendations include the need to establish a reasonable threshold\nfor the number of replacement SSN cards an individual may obtain during a year and over a\nlifetime and expedite systems controls that would interrupt SSN assignment when SSA\nmails multiple cards to common addresses or when parents claim an improbably large\nnumber of children. Additionally, SSA needs to continue to address identified weaknesses\nwithin its information security environment to better safeguard SSNs and educate SSA staff\nabout counterfeit documents.\n\nAnother important part of ensuring the integrity of the SSN is the proper posting of earnings\nreported under SSNs. If earnings information is reported incorrectly or not reported at all,\nSSA cannot ensure all eligible individuals are receiving the correct payment amounts. In\naddition, the Disability Insurance (DI) and Supplemental Security Income (SSI) programs\ndepend on this earnings information to determine (1) whether an individual is eligible for\nbenefits and (2) the amount of the disability payment. SSA spends scarce resources trying\nto correct earnings data when incorrect information is reported.\n\nWhile SSA has limited control over factors causing the volume of erroneous wage reports\nsubmitted each year, there are still areas where SSA can improve its processes. Prior\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                       1\n\x0caccomplishments may be enhanced by continuing to educate employers on reporting\ncriteria, identify and correct employer reporting problems, and encourage greater use of the\nAgency\xe2\x80\x99s SSN verification programs. SSA also needs to improve coordination with other\nFederal agencies with separate, yet related, mandates. For example, SSA\xe2\x80\x99s ability to\nimprove wage reporting is related to the Internal Revenue Service\xe2\x80\x99s sanctioning of\nemployers for submitting invalid wage data and the Bureau of Citizenship and Immigration\nServices\xe2\x80\x99 procedures used by employers to verify eligible employees.\n\nAnother issue of concern is SSA\xe2\x80\x99s Earnings Suspense File (ESF). The ESF is the Agency\xe2\x80\x99s\nrecord of annual wage reports that include wage earners\xe2\x80\x99 names and SSNs that fail to\nmatch SSA\xe2\x80\x99s records. Between 1937 and 2000, the ESF grew to represent about\n$374 billion in wages, which included about 236 million wage items with an invalid name\nand SSN combination. As of July 2002, SSA had posted 9.6 million wage items to the ESF\nfor Tax Year (TY) 2000, representing about $49 billion in wages. We requested updated\ninformation on the number and dollar amount of wage items posted to the ESF, but the\nAgency has not provided them.\n\nSSA Has Taken Steps to Address this Challenge\nIn our Management Advisory Report entitled Social Security Number Integrity: An Important\nLink in Homeland Security, we concluded that it was critical for SSA to independently verify\nthe authenticity of documents presented by SSN applicants. SSA has taken steps to\naddress this issue, including the establishment of a task force to address the integrity and\nprotection of the SSN. One result of the task force\xe2\x80\x99s efforts includes SSA\xe2\x80\x99s decision to stop\nassigning SSNs to non-citizens without first verifying the authenticity of their documents.\nWe are currently assessing the Agency\xe2\x80\x99s compliance with these new procedures. SSA also\nhas tightened evidentiary requirements for SSN applicants. SSA requires mandatory\ninterviews for all applicants over the age of 12 for original SSNs and requires evidence of\nidentity for all children, regardless of age. SSA also established a pilot center in Brooklyn,\nNew York that focuses exclusively on enumeration of citizens and non-citizens.\n\nSSA has taken steps over the past year to reduce the size and growth of the ESF. SSA has\nexpanded its Employee Verification Service to include an on-line service called the Social\nSecurity Number Verification Service, which allows an employer to verify the name and SSN\nof employees prior to reporting their wages to SSA. The Agency has also modified its\nsystems to help identify the number holder related to suspended items. Whereas previous\ninternal edits used only the name and SSN related to the suspended wage, SSA stated that\nthe new processes would use information stored on the earnings and benefits records.\nFurthermore, SSA has established a performance goal to remove 30 million items from the\nESF by 2005.\n\nSSA also increased the number of \xe2\x80\x9cno-match\xe2\x80\x9d letters\xe2\x80\x94or educational correspondence\xe2\x80\x94\nsent to employers who submitted W-2s containing name and/or SSN information that did not\nagree with SSA\xe2\x80\x99s records. While we found this to be an encouraging step, SSA announced\na new policy change effective for TY 2002 wage reporting that reduced the number of \xe2\x80\x9cno-\nmatch\xe2\x80\x9d letters sent to employers. As a result of this change, SSA estimates that it will send\n129,000 letters to employers for TY 2002, or about 820,000 fewer letters than were sent for\nTY 2001.\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                        2\n\x0c                   Management of the Disability Process\nSSA needs to improve critical parts of the disability process\xe2\x80\x94determining disabilities, the\naccuracy of disability payments, and the integrity of the disability programs. In January\n2003, the General Accounting Office (GAO) added the modernizing of Federal disability\nprograms including SSA\xe2\x80\x99s to its 2003 high-risk list.\n\nFraud is an inherent risk in SSA\xe2\x80\x99s disability programs. Some unscrupulous people view\nSSA\xe2\x80\x99s disability benefits as money waiting to be taken. A key risk factor in the disability\nprogram is individuals who feign or exaggerate symptoms of illness to become eligible for\ndisability benefit payments. Another key risk factor in SSA\xe2\x80\x99s disability programs is the\nmonitoring of medical improvements for disabled beneficiaries to ensure that individuals\nwho are no longer disabled are removed from the disability program.\n\nOver the last several years, SSA has tested several improvements to the disability\ndetermination process as a result of concerns about the timeliness and quality of its service.\nThe disability improvements combine initiatives that have been tested and piloted over the\nlast few years and include all levels of eligibility determination\xe2\x80\x94beginning with State\nDisability Determination Services (DDS) and going through the hearings and appeals\nprocesses. To date, SSA\xe2\x80\x99s initiatives have shown some progress in making improvements\nto the disability determination process. In FY 2003, average processing time was 97.1 days\nfor initial disability claims, 344 days for hearings, and 294 days for decisions on appeals of\nhearings. In FY 2000, average processing time was 102 days for initial disability claims,\n297 days for hearings, and 505 days for decisions on appeals of hearings.\n\nSSA also needs to improve the accuracy of its benefit payments. During FY 2003, we\ninformed SSA that a significant number of disabled DI beneficiaries continued to receive\nbenefits despite having earnings that should have resulted in benefit suspension or\ntermination. As a result of this weakness, we estimated that SSA did not assess\noverpayments totaling approximately $791 million for 45,620 disabled beneficiaries.\n\nSSA Has Taken Steps to Address this Challenge\nSSA continues to focus on improving the disability process. The Commissioner announced\nshort-term decisions regarding the disability process which included: pursuing the expansion\nof the Single-Decision Maker authority nationwide, ending the requirements for the claimant\nconference in sites testing the prototype disability process, evaluating the elimination of the\nreconsideration level of the claims process nationwide, making additional improvements to\nthe hearings process, and implementing an Electronic Disability System by 2004. According\nto SSA, the Electronic Disability System is expected to improve processing times, reduce\ncosts, improve productivity, lower backlogs, and improve the Agency\xe2\x80\x99s capacity to better\nhandle growing workloads. In September 2003, the Commissioner announced long-term\ninitiatives to address the Agency\xe2\x80\x99s disability related challenges, which she stated are\npredicated on the successful implementation of the Electronic Disability System.\n\nAccording to GAO, SSA\xe2\x80\x99s cost-benefit analysis of the Electronic Disability System may have\nunderestimated the costs, while overstating the corresponding benefits. Specifically, GAO\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                        3\n\x0creported that the cost-benefit analysis did not fully consider the costs associated with certain\ncritical information technology infrastructure such as scanning, imaging,\ntelecommunications, disaster recovery, and on-site retention and destruction of source\ndocuments.\n\nAnother area in which SSA has taken an active role is addressing the integrity of its\ndisability programs through the Cooperative Disability Investigations (CDI) units. The focus\nof the CDI process is to obtain evidence that may prevent fraud in SSA\xe2\x80\x99s disability\nprograms. SSA\xe2\x80\x99s Office of Operations, Office of Disability Programs, and Office of Disability\nDeterminations, along with the OIG, manage the CDI process. There are currently 18 CDI\nunits operating in 17 States. In FY 2003, CDI units saved SSA approximately $100 million\nby identifying fraud or similar fault in initial and continuing claims in SSA\xe2\x80\x99s disability\nprograms.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                         4\n\x0c                                Improper Payments\nImproper payments are defined as payments that should not have been made or were\nmade for incorrect amounts. Examples of improper payments include inadvertent errors,\npayments for unsupported or inadequately supported claims, payments for services not\nrendered, or payments to ineligible beneficiaries. The risk of improper payments increases\nin programs with (1) a significant volume of transactions, (2) complex criteria for computing\npayments, and/or (3) an overemphasis on expediting payments. Since SSA is responsible\nfor issuing over $400 billion in benefit payments per year under the Old-Age, Survivors and\nDisability Insurance (OASDI) and SSI programs to over 50 million individuals, SSA is at-risk\nof making significant improper payments. Considering the volume and amount of payments\nSSA makes each month, even the slightest error in the overall process can result in millions\nof dollars in over- or underpayments.\n\nThe President and Congress have expressed interest in measuring the universe of improper\npayments within the Government. Specifically, in August 2001, the Office of Management\nand Budget (OMB) published the FY 2002 President\xe2\x80\x99s Management Agenda, which\nincluded a Government-wide initiative for improving financial performance. In\nNovember 2002, the Improper Payments Information Act of 2002 (Public Law No. 107-300)\nwas enacted.\n\nSSA and the OIG have had on-going discussions on improper payments\xe2\x80\x94on such issues\nas detected versus undetected improper payments and avoidable overpayments versus\nunavoidable overpayments which are outside the Agency\xe2\x80\x99s control and a \xe2\x80\x9ccost of doing\nbusiness.\xe2\x80\x9d In August 2003, OMB issued specific guidance to SSA to only include avoidable\noverpayments in the Agency\xe2\x80\x99s improper payments estimate because these payments could\nbe reduced through changes in administrative actions. Unavoidable overpayments that\nresult from legal or policy requirements are not to be included in SSA\xe2\x80\x99s improper payment\nestimate. In accordance with the Improper Payments Information Act and OMB\xe2\x80\x99s specific\nguidance, SSA is required to estimate its annual amount of improper payments and report\nthis information in its Performance and Accountability Report for FYs ending on or after\nSeptember 30, 2004. OMB will use this information while working with SSA to establish\ngoals for reducing improper payments for each program.\n\nOne of the ways SSA measures payment accuracy is through its stewardship report. The\nstewardship review measures payment accuracy based on non-medical eligibility factors.\nSSA\xe2\x80\x99s stewardship report showed the OASDI accuracy rate was 99.87 percent for FY 2002.\nThis accuracy rate translates to an expected $588.6 million in OASDI overpayments.\nHowever, SSA reported actual OASDI overpayments that were newly discovered in\nFY 2002 to be $1.6 billion, which included overpayments for benefits paid in FY 2002 as\nwell as benefits paid before FY 2002 but that were discovered as overpayments in FY 2002.\nFurther, over each of the last 5 years, SSA has identified and reported in its financial\nstatements over $700 million more in overpayments than what the Agency\xe2\x80\x99s payment\naccuracy rate would reflect.\n\nIn September 2003, the OIG prepared an issue paper on improper payments\xe2\x80\x94where we\nanalyzed overpayments from SSA, other Federal agencies, and private sector disability\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                       5\n\x0cinsurers. To continue our work in this area, we will initiate a comprehensive and statistically\nvalid review in FY 2004 to quantify the amount of undetected overpayments in SSA\xe2\x80\x99s\ndisability programs. Additionally, preliminary results from one of our audits at the end of\nFY 2003 show significant overpayments related to earnings by disabled beneficiaries went\nundetected by SSA.\n\nSSA Has Taken Steps to Address this Challenge\nSSA has been working to improve its ability to prevent over- and underpayments by\nobtaining beneficiary information from independent sources sooner and/or using technology\nmore effectively. In this regard, SSA has initiated new computer matching agreements,\nobtained on-line access to wage and income data, and implemented improvements in its\ndebt recovery program. Additionally, working with SSA, we have helped the Agency reduce\nimproper payments to prisoners and fugitive felons. These efforts continue.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                         6\n\x0c                    Budget and Performance Integration\nThis area encompasses SSA\xe2\x80\x99s efforts to provide timely, useful, and reliable data to assist\ninternal and external decisionmakers in effectively managing Agency programs, as well as\nboth evaluating performance and ensuring the validity and reliability of performance,\nbudgeting, and financial data.\n\nTo effectively meet its mission, manage its programs, and report on its performance, SSA\nneeds sound performance and financial data. Congress, the general public, and other\ninterested parties also need sound and credible data to monitor and evaluate SSA\xe2\x80\x99s\nperformance. The President\xe2\x80\x99s Management Agenda has placed great emphasis on the\nmanagement and performance integration of Federal agencies. SSA has demonstrated a\nstrong commitment to the Government Performance and Results Act of 1993 (Public Law\nNo. 103-62) by developing strategic plans, annual performance plans and annual\nperformance reports. However, we believe SSA can further strengthen its use of\nperformance information by fully documenting the methods and data used to measure\nperformance and by improving its data sources.\n\nOur audits of 18 performance measures in FY 2003 found the data for 13 of the measures\nreviewed were reliable. We concluded that the data for five of the measures was found not\nreliable. Although the majority of performance measures were determined to be reliable,\nour audits found that SSA had inadequate documentation for 5 of its 18 performance\nmeasures regarding the methods used to measure its performance. Considering the critical\nrole of the underlying data in all of SSA\xe2\x80\x99s performance, financial, and data-sharing activities,\nit is crucial that the Agency have clear processes in place to ensure the reliability and\nintegrity of its data.\n\nWe have previously noted that SSA needs to better link costs with performance. In its\nFY 2003 Annual Performance Plan (APP), SSA acknowledged that costs are specifically\naligned with outcome measures for only a few activities. SSA needs to further develop a\ncost accounting system to better link costs with performance. Since most goals are not\naligned by budget account, the resource, human capital, and technology necessary to\nachieve many performance goals are not adequately described.\n\nSSA Has Taken Steps to Address this Challenge\nOur audits and reviews of SSA\xe2\x80\x99s financial statements, annual performance plans and\nreports, and individual performance measures disclosed that SSA has demonstrated\ncommitment to the production and use of reliable performance and financial management\ndata. For example, SSA has begun development of its new cost accounting system,\nManagerial Cost Accountability System, and expects development to be completed in\nFY 2005. SSA is the only Federal agency to receive the Certificate of Excellence in\nAccountability Reporting for its Performance and Accountability Report every year since the\naward program began for FY 1998. Additionally, OMB updated the President\xe2\x80\x99s\nManagement Agenda scorecard in FY 2003, changing SSA\xe2\x80\x99s status in Financial\nManagement from yellow to green\xe2\x80\x94the highest rating.\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                          7\n\x0cSSA has continually refined its annual performance plans to develop performance\nmeasures that more accurately reflect performance and are more outcome-based. In\nFY 2002, SSA revamped its Tracking Report used by Agency executives to manage key\nworkloads at the national level and made it available to all employees on-line. The revised\nreport tracks key performance measures and provides alerts as to whether performance is\nsignificantly different from the goals established. In FY 2003, SSA released its FY 2004\nAPP and Revised Final FY 2003 APP to Congress. The plans reflect Commissioner\nBarnhart\xe2\x80\x99s priorities and describe performance levels the Agency is committed to reaching,\nalong with strategies for achieving them. This includes an alignment of strategic goals,\nperformance measures, and budget with major functional responsibilities.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                      8\n\x0c        Critical Infrastructure Protection and Systems Security\nThe information that SSA needs to conduct its mission is one of its most valuable assets.\nThe Agency is depending on technology to meet the challenges of increasing workloads\nwith fewer resources. A physically and technologically secure Agency information\ninfrastructure is a fundamental requirement. Growth in computer interconnectivity brings a\nheightened risk of disrupting or sabotaging critical operations, reading or copying sensitive\ndata, and tampering with critical processes. Those who wish to disrupt or sabotage critical\noperations have more tools and opportunities than ever.\n\nSSA has been given responsibility to protect sensitive information for virtually every\nAmerican. This information includes earnings data the Agency uses to post earnings for\n266 million wage items and medical information for millions of claimants filing for disability\nbenefits. Strong systems security and controls are essential to protecting SSA\xe2\x80\x99s critical\ninformation infrastructure. Although no significant event has occurred to date, the level of\nrisk is so great that should something occur, it could have national security implications.\n\nSince 1997, SSA has had an internal controls reportable condition concerning its protection\nof information. The reportable condition came about because of weaknesses in the\nfollowing areas:\n\n    \xe2\x80\xa2    Technical Security Configuration         \xe2\x80\xa2   Physical Security and Security\n         Standards                                    Policy for DDS Sites\n\n    \xe2\x80\xa2    Security Monitoring Enforcement          \xe2\x80\xa2   Suitability\n\n    \xe2\x80\xa2    Access Control                           \xe2\x80\xa2   Continuity of Operations\n\n\nThe most important of the issues listed above is access control. As long as access control\nto SSA\xe2\x80\x99s systems is not fully resolved, the reportable condition will remain. The resolution\nof this reportable condition remains a priority for the Agency. To remedy this issue, SSA\nneeds to perform periodic reviews of everyone who has access to production data and\nassign data ownership or responsibility.\n\nSSA Has Taken Steps to Address this Challenge\nSSA addresses critical information infrastructure and systems security in a variety of ways.\nThe Critical Infrastructure Protection work group, created in FY 2000, continually works\ntoward compliance with Presidential Decision Directive 63. Presidential Decision Directive\n63 and other significant legislation, requires Federal agencies to identify and effectively\nprotect their critical systems and the information they hold. SSA has several other\ncomponents throughout the organization that handle systems security including the newly\ncreated Office of Information Technology Security Policy within the Office of the Chief\nInformation Officer. SSA also routinely releases security advisories to its employees and\nhas hired outside contractors to provide expertise in this area.\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                          9\n\x0cSSA has taken some specific steps to address the information protection issues raised in\nprior years. Specifically SSA has:\n\n   \xe2\x80\xa2   Issued final risk models to standardize platform security configuration settings for the\n       Windows NT, Windows 2000, AS400, and Unix platforms;\n\n   \xe2\x80\xa2   Established and implemented ongoing monitoring tools and procedures to ensure the\n       consistency of platform security configuration standards for Windows NT, Windows\n       2000, AS400, and Unix platforms;\n\n   \xe2\x80\xa2   Established procedures for shifting and handling Agency workloads;\n\n   \xe2\x80\xa2   Improved the security policy and procedures for DDS sites;\n\n   \xe2\x80\xa2   Continued progress on the Standard Security Profile Project\xe2\x80\x94a full scale comparison\n       of Information Technology user access assignments to job responsibilities;\n\n   \xe2\x80\xa2   Continued progress on the Dataset Naming Standards project including setting\n       naming conventions and determining tools for compliance and enforcement;\n\n   \xe2\x80\xa2   Strengthened physical security controls over SSA offices; and\n\n   \xe2\x80\xa2   Established and implemented procedures for enhanced review of security violations\n       on SSA\xe2\x80\x99s mainframe computers.\n\nSSA needs to take additional steps to address its access control weaknesses to remove the\nreportable condition. Data ownership and individual responsibility must be assigned for the\ndifferent systems that control and monitor production data. Management must perform\nperiodic reviews of those who have access to sensitive data and ensure that individuals only\nhave access to the data necessary to complete their jobs. SSA is taking steps to address\nthe access control weaknesses, but there is not a specific schedule or timeframe for when\nthe weakness will be resolved.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                        10\n\x0c                                   Service Delivery\nThe Agency\xe2\x80\x99s goal of \xe2\x80\x9cservice\xe2\x80\x9d encompasses traditional and electronic services provided to\napplicants for benefits, beneficiaries and the general public. It includes services to and from\nStates, other agencies, third parties, employers, and other organizations including financial\ninstitutions and medical providers. SSA\xe2\x80\x99s service related goal supports the delivery of\n\xe2\x80\x9ccitizen-centered\xe2\x80\x9d services through the use of \xe2\x80\x9cE-Government,\xe2\x80\x9d and therefore affords SSA\nopportunities to advance the level of its service. Given the complexity of the Agency\xe2\x80\x99s\nprograms, the billions of dollars in payments at stake, and the millions of citizens who rely\non SSA, the Agency is challenged to provide quality, timely, and appropriate services\nconsistently to its clients and the public-at-large. E-Government, Human Capital, and the\nrepresentative payee process pose significant challenges that impact service delivery.\n\nBy 2012, workloads are anticipated to increase to unprecedented volumes. Specifically, DI\nbeneficiaries are expected to increase by 35 percent. Additionally, it is estimated that\nOld-Age and Survivors Insurance beneficiaries and SSI recipients will increase by 18 and\n12 percent, respectively. Along with the workload increase, technological change will have\na profound impact on the public\xe2\x80\x99s expectations, as well as SSA\xe2\x80\x99s ability to meet those\nexpectations.\n\nThe President\xe2\x80\x99s Management Agenda calls for improved service delivery through the use of\nE-Government in creating more cost-effective and efficient ways to provide service to\ncitizens. The increased use of E-Government will be vital as the Agency addresses rising\nworkloads associated with the aging of the baby-boom generation.\n\nAnother challenge to service delivery is human capital. In January 2001, GAO added\nstrategic human capital management to its list of Federal programs and operations identified\nas high-risk. The critical loss of institutional skills and knowledge, combined with greatly\nincreased workloads at a time when the baby-boom generation will require its services,\nmust be addressed by succession planning, strong recruitment efforts, and the effective use\nof technology, as previously discussed. SSA estimates that during this decade over\n28,000 of its approximately 65,000 Federal employees will retire and another 10,000 will\nleave the Agency for other reasons. This is approximately 58 percent of the current\nworkforce. SSA expects that this \xe2\x80\x9cretirement wave\xe2\x80\x9d will affect its ability to deliver service to\nthe American public.\n\nAnother specific challenge in this area is the integrity of the representative payee process.\nWhen SSA determines a beneficiary cannot manage his or her benefits, SSA selects a\nrepresentative payee who manages and solely uses the payments for the beneficiary\xe2\x80\x99s\nneeds. There are about 5.3 million representative payees who manage about $44 billion in\nbenefits for approximately 6.7 million beneficiaries. SSA has experienced problems with the\nselection, monitoring and accountability of representative payees. While representative\npayees provide a valuable service for beneficiaries, SSA must continue to ensure\nrepresentative payees meet their responsibilities to the beneficiaries they serve.\n\nOur audits of representative payees have shown that continued SSA oversight and\nmonitoring of representative payees are needed. Our audits identified deficiencies with\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                        11\n\x0crepresentative payees' financial management and accounting for benefit receipts and\ndisbursements; vulnerabilities in safeguarding of beneficiary payments; poor monitoring and\nreporting to SSA of changes in beneficiary circumstances; inappropriate handling of\nbeneficiary-conserved funds; and improper charging of fees. In addition, SSA needs to\nimprove its selection and monitoring of representative payees.\n\nSSA Has Taken Steps to Address this Challenge\n\nSSA has taken steps to address its E-Government, Human Capital, and representative\npayee challenges. By 2005, SSA is expected to have 60 percent of its customer-initiated\nservices available through automated telephone services or the Internet. The Agency\nrecently began allowing the public to file DI claims through the Internet to help achieve its\nservice delivery goals. SSA expects to begin a nation-wide roll-out of its Electronic\nDisability System in 2004. By 2007, over 80 percent of wage reports will be submitted and\nprocessed electronically and employers will be able to identify and correct wage report\nerrors online. Further, SSA has increased the percentage of W-2s filed electronically from\n42.5 percent in FY 2002 to 53.4 percent in FY 2003.\n\nThe Agency has taken additional steps to meet its future workforce needs. SSA has\ndeveloped plans and taken other actions to address the expected increase in its workloads\nand the concurrent loss of staff due to retirement. Studies have been conducted to predict\nstaff retirements and attritions by year for major job positions. SSA has also developed a\ndocument detailing how it envisions functioning in the future. Further, SSA planning\ndocuments comply with the President\xe2\x80\x99s Management Agenda and achieve expected near-\nterm results related to the strategic management of human capital.\n\nThe Agency has taken steps to address its representative payee process challenge. SSA\nreports it has a number of initiatives underway to improve the selection of organizational\nrepresentative payees. The Agency also conducts site reviews for approximately\n1,800 representative payees, which include fee-for-service representative payees, volume\nrepresentative payees (serving 100 or more beneficiaries) who are subject to expanded\nmonitoring, and individual representative payees serving 20 or more beneficiaries. These\nreviews are performed on a triennial cycle.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                       12\n\x0c                                     Appendices\nAPPENDIX A \xe2\x80\x93 Acronyms\n\nAPPENDIX B \xe2\x80\x93 Related Office of the Inspector General Reports\n\nAPPENDIX C \xe2\x80\x93 Office of the Inspector General Contacts\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)\n\x0c                                                                       Appendix A\n\nAcronyms\n    APP                  Annual Performance Plan\n    CDI                  Cooperative Disability Investigations\n    DDS                  Disability Determination Services\n    DI                   Disability Insurance\n    ESF                  Earnings Suspense File\n    FY                   Fiscal Year\n    GAO                  General Accounting Office\n    OASDI                Old-Age, Survivors and Disability Insurance\n    OIG                  Office of the Inspector General\n    OMB                  Office of Management and Budget\n    SSA                  Social Security Administration\n    SSI                  Supplemental Security Income\n    SSN                  Social Security Number\n    TY                   Tax Year\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)\n\x0c                                                                          Appendix B\n\nRelated Office of the Inspector General Reports\n   Management Challenge Area, Report Title and                              Report\n         Common Identification Number                                       Issued\n\n                    Social Security Number Integrity and Protection\n\nCongressional Response Report: Use and Misuse of the Social           August 22, 2003\nSecurity Number (A-03-03-24048)\nCongressional Response Report: Review of the Social Security          April 28, 2003\nNumber Feedback Pilot Project (A-03-03-13017)\nCongressional Response Report: Social Security Administration         March 18, 2003\nBenefits Related to Unauthorized Work\n(A-03-03-23053)\nThe Social Security Administration\xe2\x80\x99s Processing of Internal Revenue   March 18, 2003\nService Overstated Wage Referrals (A-03-02-22068)\nFederal Agencies\xe2\x80\x99 Control Over the Access, Disclosure and Use         March 11, 2003\nof Social Security Numbers by External Entities\n(A-08-03-13050)\nReferring Potentially Fraudulent Enumeration Applications to the      March 3, 2003\nOffice of Inspector General (A-14-03-23052)\nReview of the Social Security Administration Controls over the        December 30, 2002\nAccess, Disclosure, and Use of Social Security Numbers by\nExternal Entities (A-08-02-22071)\nCongressional Response Report: Status of the Social Security          November 18, 2002\nAdministration's Earnings Suspense File\n(A-03-03-23038)\n\n                         Management of the Disability Process\n\nUse of Mental Consultative Examinations by the Wisconsin Disability   August 22, 2003\nDetermination Bureau (A-01-03-23090)\nCongressional Response Report: Office of Hearings and Appeals         August 11, 2003\nAdministrative Law Judges\xe2\x80\x99 Work Assignments in Greensboro and\nRaleigh, North Carolina (Limited Distribution) (A-13-03-33089)\nEvaluation of the Accelerated eDib System-Fourth Assessment           July 10, 2003\n(A-14-03-23069)\nDisability Determination Services\xe2\x80\x99 Use of Volume Consultative         March 10, 2003\nExamination Providers (A-07-02-12049)\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                         B-1\n\x0c   Management Challenge Area, Report Title and                             Report\n         Common Identification Number                                      Issued\n\n                                   Improper Payments\n\nIssue Paper: Detecting, Preventing, and Eliminating Unidentified     September 3, 2003\nOverpayments in the Social Security Administration\xe2\x80\x99s Disability\nProgram (Limited Distribution)\n(A-09-02-22067)\nFollow-up on Prior Office of the Inspector General Prisoner Audits   July 24, 2003\n(A-01-02-12018)\nManagement Advisory Report: Title II Disability Insurance Benefits   July 23, 2003\nWith Workers\xe2\x80\x99 Compensation Underpayment Errors Exceeding\n$70,000 (A-04-02-21054)\nData Matching with Foreign Countries (A-13-03-23015)                 June 17, 2003\nFollow-up Review of Old-Age, Survivors and Disability Insurance      June 13, 2003\nBenefits Paid to Deceased Auxiliary Beneficiaries (A-01-03-13037)\nPending Workers\xe2\x80\x99 Compensation: The Social Security Administration    June 6, 2003\nCan Prevent Millions in Title II Disability Overpayments\n(A-08-02-12064)\nUse of State Bureaus of Vital Statistics Records to Detect           June 2, 2003\nUnreported Marriages and Divorces (A-09-00-30059)\nManagement Advisory Report: The Social Security Administration\xe2\x80\x99s     April 15, 2002\nWorkers\xe2\x80\x99 Compensation Data Match with the State of Texas\n(A-06-03-13022)\nAnalysis of Multiple, Unrelated Title II Payments to the Same Bank   March 3, 2003\nAccount (A-15-01-11033)\nCongressional Response Report: The Social Security                   January 24, 2003\nAdministration\xe2\x80\x99s Efforts to Process Death Reports and Improve its\nDeath Master File (A-09-03-23067)\nOld-Age, Survivors and Disability Insurance and Supplemental         October 30, 2002\nSecurity Income Payments to Deceased Beneficiaries and\nRecipients (A-06-02-12012)\nCongressional Response Report: Status of Corrective Actions          October 9, 2002\nTaken in Response to Recommendations in Fiscal Years 1997\nThrough 2000 Payment Accuracy Task Force Reports\n(A-13-01-21046)\n\n                          Budget and Performance Integration\n\nSummary of the Office of the Inspector General\xe2\x80\x99s Reviews of the      September 3, 2003\nSocial Security Administration\xe2\x80\x99s Performance Data\n(A-02-03-13033)\nAssessment of the Social Security Administration\xe2\x80\x99s Performance       April 30, 2003\nMeasures (A-02-02-12050)\nPerformance Indicator Audit: Enumeration (A-02-02-11088)             April 30, 2003\nPerformance Indicator Audit: Paperless Electronic Access             March 18, 2003\n(A-15-02-11084)\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                        B-2\n\x0c   Management Challenge Area, Report Title and                               Report\n         Common Identification Number                                        Issued\nPerformance Indicator Audit: Postentitlement Automation Rate           February 26, 2003\n(A-15-02-32092)\nPerformance Indicator Audit: Appeals Council (Limited Distribution)    February 21, 2003\n(A-15-02-11085)\nPerformance Indicator Audit: Customer Satisfaction                     February 4, 2003\n(A-02-02-11082)\nPerformance Indicator Audit: Wage Reporting (A-15-02-11087)            January 28, 2003\nPerformance Indicator Audit: Electronic Access                         January 23, 2003\n(A-15-02-11083)\nReview of the Social Security Administration\xe2\x80\x99s Fiscal Year 2003        January 7, 2003\nAnnual Performance Plan (A-02-02-12033)\nFiscal Year 2002 Financial Statement Audit (A-15-02-12075)             November 19, 2002\nInspector General\xe2\x80\x99s Statement on the Social Security                   November 15, 2002\nAdministration\xe2\x80\x99s Major Management Challenges\n(A-02-03-13034)\n\n               Critical Infrastructure Protection and Systems Security\n\nEffective Use of Encryption Technology to Protect the Social           August 22, 2003\nSecurity Administration\xe2\x80\x99s Information Assets (Limited Distribution)\n(A-14-02-12048)\nManagement Advisory Report: President\xe2\x80\x99s Council on Integrity and       August 15, 2003\nEfficiency Review of Critical Infrastructure Protection Program-\nCyber-based Infrastructure (Limited Distribution)\n(A-14-03-23001)\nProject Matrix Step Two: Analysis of the National Computer Center,     May 20, 2003\nthe Telecommunications Systems, and the Integrated Client\nDatabase (Limited Distribution) (A-14-03-23008)\nManagement Advisory Report: Physical Security for the Social           December 24, 2002\nSecurity Administration\xe2\x80\x99s Laptop Computers, Cellular Telephones,\nand Pagers (Limited Distribution) (A-14-02-32061)\nManagement Advisory Report: The Social Security Administration's       October 24, 2002\nOversight of the Disability Determination Services' Systems Security\n(Limited Distribution)\n(A-14-02-22026)\nAudit of the Administrative Costs Claimed by the Kansas Disability     October 23, 2002\nDetermination Services (A-07-02-22003)\n\n                                      Service Delivery\n\nThe Connecticut Mental Health Center, Money Management                 August 14, 2003\nProgram - An Organizational Representative Payee for the Social\nSecurity Administration (A-13-03-23009)\nAudit of Cottonwood, Incorporated - An Organizational                  August 4, 2003\nRepresentative Payee for the Social Security Administration (Limited\nDistribution) (A-07-03-13024)\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                          B-3\n\x0c   Management Challenge Area, Report Title and                              Report\n         Common Identification Number                                       Issued\nCongressional Response Report: The Social Security                    July 24, 2003\nAdministration\xe2\x80\x99s Policies and Procedures Concerning the Rural\nDevelopment Act of 1972 (A-13-03-23087)\nAudit of the Community Counseling Centers of Chicago \xe2\x80\x93 A              July 15, 2003\nFee-for-Service Representative Payee for the Social Security\nAdministration (A-13-03-13002)\nManagement Advisory Report: Best Practices in Federal Paper           June 23, 2003\nRecords Management (A-04-03-13030)\nSierra Regional Center \xe2\x80\x93 An Organizational Representative Payee       June 20, 2003\nfor the Social Security Administration (A-09-03-23023)\nAudit of Key Point Health Services, Inc. \xe2\x80\x93 An Organizational          May 29, 2003\nRepresentative Payee for the Social Security Administration\n(A-13-02-22014)\nAudit of Atlantis Rehabilitation and Nursing Center - A               May 6, 2003\nRepresentative Payee for the Social Security Administration\n(A-02-03-13013)\nThe Social Security Administration\xe2\x80\x99s Site Reviews of Representative   April 30, 2003\nPayees (A-13-01-11042)\nScreening Representative Payees for Fugitive Warrants                 March 14, 2003\n(A-01-02-12032)\nInternal Control Review of the Remittance and Disbursement of         March 5, 2003\nCash or Cash Equivalents at Social Security Administration Field\nOffices (Limited Distribution) (A-15-01-21031)\nInternal Control Review of the Remittance Process at the Social       March 3, 2003\nSecurity Administration\xe2\x80\x99s Mid-Atlantic Program Service Center\n(Limited Distribution) (A-15-02-22001)\nEvaluation of the Accelerated eDib System \xe2\x80\x93 Third Assessment          December 20, 2002\n(A-14-03-13047)\nFinancial-Related Audit of the Harris County Guardianship Program     December 16, 2002\n\xe2\x80\x93 An Organizational Representative Payee for the Social Security\nAdministration (A-04-02-12020)\nIdentifying Representative Payees Who Had Their Own Benefits          October 10, 2002\nSuspended Under the Fugitive Provisions of Public Law 104-193\n(A-01-02-12073)\nFinancial-Related Audit of the Washington State Department of         October 8, 2002\nSocial and Health Services - An Organizational Representative\nPayee for the Social Security Administration (A-13-02-12010)\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)                         B-4\n\x0c                                                                        Appendix C\n\nOffice of the Inspector General Contacts\n   Walter Bayer, Director                 Social Security Number Integrity and\n                                          Protection\n\n   Mark Bailey, Director                  Management of the Disability Process\n\n   Rona Rustigian, Director               Improper Payments\n\n   Fred Nordhoff, Director                Budget and Performance Integration\n\n   Kitt Winter, Director                  Critical Infrastructure Protection and Systems\n                                          Security\n\n   Shirley Todd, Director                 Service Delivery\n\n\n\nFor additional copies of this report, please visit our web site at http://www.ssa.gov/oig or\ncontact the Office of the Inspector General\xe2\x80\x99s Public Affairs Specialist at (410) 966-1375.\nRefer to Common Identification Number A-02-04-14034.\n\n\n\n\nIG Statement on SSA\xe2\x80\x99s Major Management Challenges (A-02-04-14034)\n\x0c                           DISTRIBUTION SCHEDULE\n\nCommissioner of Social Security\nOffice of Management and Budget, Income Maintenance Branch\nChairman and Ranking Member, Committee on Ways and Means\nChief of Staff, Committee on Ways and Means\nChairman and Ranking Minority Member, Subcommittee on Social Security\nMajority and Minority Staff Director, Subcommittee on Social Security\nChairman and Ranking Minority Member, Subcommittee on Human Resources\nChairman and Ranking Minority Member, Committee on Budget, House of\nRepresentatives\nChairman and Ranking Minority Member, Committee on Government Reform and\nOversight\nChairman and Ranking Minority Member, Committee on Governmental Affairs\nChairman and Ranking Minority Member, Committee on Appropriations, House of\nRepresentatives\nChairman and Ranking Minority, Subcommittee on Labor, Health and Human Services,\nEducation and Related Agencies, Committee on Appropriations,\n House of Representatives\nChairman and Ranking Minority Member, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Subcommittee on Labor, Health and Human\nServices, Education and Related Agencies, Committee on Appropriations, U.S. Senate\nChairman and Ranking Minority Member, Committee on Finance\nChairman and Ranking Minority Member, Subcommittee on Social Security and Family\nPolicy\nChairman and Ranking Minority Member, Senate Special Committee on Aging\nSocial Security Advisory Board\n\x0c                   Overview of the Office of the Inspector General\n\n\n                                        Office of Audit\nThe Office of Audit (OA) conducts comprehensive financial and performance audits of the\nSocial Security Administration\xe2\x80\x99s (SSA) programs and makes recommendations to ensure that\nprogram objectives are achieved effectively and efficiently. Financial audits, required by the\nChief Financial Officers' Act of 1990, assess whether SSA\xe2\x80\x99s financial statements fairly present\nthe Agency\xe2\x80\x99s financial position, results of operations and cash flow. Performance audits review\nthe economy, efficiency and effectiveness of SSA\xe2\x80\x99s programs. OA also conducts short-term\nmanagement and program evaluations focused on issues of concern to SSA, Congress and the\ngeneral public. Evaluations often focus on identifying and recommending ways to prevent and\nminimize program fraud and inefficiency, rather than detecting problems after they occur.\n\n                               Office of Executive Operations\nThe Office of Executive Operations (OEO) supports the Office of the Inspector General (OIG)\nby providing information resource management; systems security; and the coordination of\nbudget, procurement, telecommunications, facilities and equipment, and human resources. In\naddition, this office is the focal point for the OIG\xe2\x80\x99s strategic planning function and the\ndevelopment and implementation of performance measures required by the Government\nPerformance and Results Act. OEO is also responsible for performing internal reviews to ensure\nthat OIG offices nationwide hold themselves to the same rigorous standards that we expect from\nSSA, as well as conducting investigations of OIG employees, when necessary. Finally, OEO\nadministers OIG\xe2\x80\x99s public affairs, media, and interagency activities, coordinates responses to\nCongressional requests for information, and also communicates OIG\xe2\x80\x99s planned and current\nactivities and their results to the Commissioner and Congress.\n\n                                    Office of Investigations\nThe Office of Investigations (OI) conducts and coordinates investigative activity related to fraud,\nwaste, abuse, and mismanagement of SSA programs and operations. This includes wrongdoing\nby applicants, beneficiaries, contractors, physicians, interpreters, representative payees, third\nparties, and by SSA employees in the performance of their duties. OI also conducts joint\ninvestigations with other Federal, State, and local law enforcement agencies.\n\n                              Counsel to the Inspector General\nThe Counsel to the Inspector General provides legal advice and counsel to the Inspector General\non various matters, including: 1) statutes, regulations, legislation, and policy directives\ngoverning the administration of SSA\xe2\x80\x99s programs; 2) investigative procedures and techniques;\nand 3) legal implications and conclusions to be drawn from audit and investigative material\nproduced by the OIG. The Counsel\xe2\x80\x99s office also administers the civil monetary penalty program.\n\x0c"